Latest news:

[1/11/2017] - A documentary in the Spainish TV Televisio 3 (Catalonia) Televisio 3.
[5/5/2017] - Our work, Who is Fiddling with Prices? Building and Deploying a Watchdog Service for E-commerce has been accepted to the ACM SIGCOMM 2017 conference.
[10/5/2016] - A documentary in the Swiss national TV about private data and transparency RTS un.
[18/10/2015] - From version 1.2.7 (Firefox) and version 0.1.1 (Chrome), $heriff allow you to see product prices from other $heriff users within the same country using the webRTC protocol. Three new features
ensure that the requests are not malicious:
(1) $heriff first checks to see if the URL is known (using similarweb.com service), if not, then is checking our custom white list hosted in our servers (sheriff.dynu.com).
(2) As a second step of protection, the remote browser is only allowed to serve one remote request at a time. This step ensures that $heriff is not misusing your browser resources.
(3) The last step of protection involves a check request from each individual peer against a black list of known domains related to
inappropriate content such as adult content, drugs, etc. If the requested domain falls into any of those categories the price request is rejected.

If you see a popup warning that a specific domain is not supported, please send as an email.

[30/9/2015] - New version for Google Chrome browser is now available
here.
For any issues please send us your feedback.

[1/3/2015] - $heriff introduction video

1. Select price

2. Check it

3. Examine differences

$heriff is an experimental service that allows to search for traces of
price discrimination in the Internet. We want to see
whether e-retailers vary their prices dynamically based on the
information that they can collect online for the potential customer
(such as her location, browser/OS, incoming link, navigation history,
etc.).

Related Publications

Costas Iordanou (Universidad Carlos III de Madrid, Telefonica Research),
Claudio Soriente (Telefonica Research),
Michael Sirivianos (Cyprus University of Technology),
Nikolaos Laoutaris (Telefonica Research). Who is Fiddling with Prices? Building and Deploying a Watchdog Service for E-commerce.
In Proc. of ACM SIGCOMM 2017.

How to use it

Measurement

Once the data is uploaded to the server, the server launches queries to the
selected URL. It spawns queries with different User-Agent field, and from
different geographic locations (with PlanetLab proxies). Once it receives
back content of the web pages, it displays the results on the measurement
page.

Collected Data

Apart from the data regularly recorded by web servers (IP, timestamps, user agents, ...) we collect:

Source code of the web page that is being checked. The source code (web site contents) is necessary for the
extension as a proof when price discrimination is detected since most websites change their website contents
frequently. Also this data can be used for further analysis by the tool.

Domains of the resources that were requested from the examined page. The extension is informing the
user which third party domains have been contacted upon visiting the specific web site. Usually third
party domains are responsible for user tracking and targeting. The extension is collecting this data
to be able to identify which third party domains are actually monitoring the users on the web. This
type of data has nothing to do with the user’s personal data.

Additional information helpful in finding location of the price on the page. When the user highlight
a product price the extension is building a graph based on the structure of the html code (content
of the website). The extension is using the graph to be able to identify the price from the same
website as observed from different locations worldwide (from another countries). The graph is necessary
for cases when the website from another country are not exactly the same with the one that users observed.
This is happening since most web sites contents are customized based on user location. In this case the
extension may fail to extract the product price. The graph helps the extension to overcome this situation.

Please note we do NOT store any browsing behavior, ONLY the webpage where you want to check the prices on.

The data is recorded ONLY when the user asks for price comparison.

Also note that Personally Identifiable
Information ("PII") like credit card information, emails, passwords, real name, etc. are NOT by default
stored, as we do NOT have access to them. However, when requesting price comparison, users should be mindful of
the "Useful Tips" section - not following the tips set forth therein could expose your PII.

The data is recorded ONLY when the user asks for price comparison.

Donating your data for this research project

For users who choose to donate their data for reaseach ("opt-in"), we additionally collect the
following:

Unique ID of the $heriff extension. Note that after uninstalling the extension we cannot link the
donated data with you or your browser.

First and third party cookies for each price comparison request (This is a small text file added
to your browser by the visited webpages). Note that we collect cookies ONLY from webpages where
you want to check the price on.

Browser history as observed during price comparison request. We collect the last 1000 visited
URLs - your recent browser history. That includes the full URL without any possible arguments that
may exists.

The opt-in feature, i.e., the donation of user data feature, is disabled by default
(Donate History, Donate Cookies checkboxes = unchecked). You can check the current status of the
options by clicking on the $heriff logo (upper-right corner of your browser). You can selectively
opt-in for each option by just selecting the corresponding checkbox for each option. Please review
the "Useful Tips" section below before opting-in to our donation feature.

We highly encourage our user to enable this feature since collecting more information
can help us to identify how price discrimination is occurred, by whom and how.

The data is used solely for the research purposes.

Useful Tips

Since the price comparison requests are recorded to our servers we recommend the following:

Avoid sending price comparisons from web banking systems or any similar web services that include
user names and passwords or any similar data that may reveal your real identity.

If you ever request such type of price comparison by mistake please send us a feedback message
(Red button at lower-left corner of your browser) from the price comparison results page (This is
the new popup window that appears after each price comparison request) so we can delete it from
our servers.

Note that when you enable the donation features, your browser history and cookies are only collected
when price request is send. By enabling and disabling the donation features, no data is collected,
you have to at least send one price check requests.

If for any reason you want to have your data deleted from our system please send as a feedback message
with the subject "remove my data". It is very important that you do so before
unistalling the add-on.

Terms of Use

The browser extension and the measurement infrastructure are designed for the
research purposes. We do our best to assure that it works as intended, although
we can give no warranty.

Acknowledgements

We use
PlanetLab infrastructure to run multiple proxies around the world.